30 January 2016

SingPass 2FA verification process simplified ahead of July deadline

SingPass users can now set up their two-step verification (2FA), a requirement for using the Singapore online ID, with greater ease and convenience, the Infocomm Development Authority (IDA) has announced. The process was previously more complex. 

If users do not set up their SingPass 2FA, they will not be able to perform sensitive government e-transactions, such as Inland Revenue Authority of Singapore (IRAS) tax filing and accessing Central Provident Fund (CPF) statements. 

From 5 July 2016, over 100 e-services by government agencies, such as the Ministry of Manpower (MOM), CPF, IRAS and the Accounting and Corporate Regulatory Authority (ACRA), will require 2FA to perform e-transactions. This means that in addition to their SingPass username and password, users will need to enter a One-Time Password sent via SMS or generated through a OneKey token.

Jacqueline Poh, Managing Director, Infocomm Development Authority of Singapore, said, "We are consistently improving our e-services to ensure that they are as user-friendly as possible, without compromising security, such as enabling users to activate their 2FA via SMS. We encourage all users to set up their SingPass 2FA early so that they can continue to perform their government e-transactions safely and without any disruption.”

To confirm that they have set up their 2FA, users can log into their SingPass account, click My Account, followed by Manage 2-Step Verification. If they have not set up their 2FA, they will be prompted to do so.


The IDA said users only need to:
  • Log into their SingPass account and click Set Up 2-Step Verification (2FA) under the Quick Links section 
  • Register for SMS or OneKey token via the SingPass website – after which, a pin mailer that contains an activation code will be sent to their registered address 
  • Send the activation code to 78111 via SMS, or log into Assurity’s website, to activate their 2FA 
There is a wait of up to seven working days for a pin mailer to activate their 2FA before they can perform sensitive e-transactions.